Cross-Site Scripting Vulnerability in UI Patterns by Drupal
CVE-2026-15084
Currently unrated
What is CVE-2026-15084?
A Cross-Site Scripting (XSS) vulnerability exists in the Drupal UI Patterns module, allowing malicious users to inject harmful scripts into generated web pages. This issue affects UI Patterns versions from 2.0.0 to 2.0.17, enabling attackers to execute scripts in the context of another user's session, potentially compromising user data and application integrity.
Affected Version(s)
UI Patterns (SDC in Drupal UI) 2.0.0 < 2.0.17
